When DOJ announced its FCPA Corporate Enforcement Policy in 2017 (later expanded to all corporate criminal defendants https://www.bclplaw.com/en-US/thought-leadership/doj-to-apply-fcpa-corporate-enforcement-policy-as-nonbinding.html), defense lawyers expressed concern about a provision buried within what it meant to provide “timely and appropriate remediation”:

Appropriate retention of business records, and prohibiting the improper destruction or deletion of business records, including prohibiting employees from using software that generates but does not appropriately retain business records or communications

Thus, it appeared, to achieve full credit under the Policy, a company had to prohibit employees from communicating on popular platforms like WhatsApp and Snapchat.

On March 8, 2019, DOJ announced several changes to its FCPA Corporate Enforcement Policy, including one that softens the above requirement by stating that the company can satisfy appropriate retention of business records by “implementing appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms that undermine the company’s ability to appropriately retain business records or communications or otherwise comply with the company’s document retention policies or legal obligations.” This revision therefore allows companies to appropriately recognize the reality that business in certain countries and in certain situations may be conducted with all manner of communications platforms.

Another change clarifies the previous “de-confliction” policy. To receive full co-operation credit, the Policy provides that a company shall undertake, “Where requested and appropriate, de-confliction of witness interviews and other investigative steps that a company intends to take as part of its internal investigation with steps that the Department intends to take as part of its investigation.” To this requirement, the new Policy adds a footnote stating: “Although the Department may, where appropriate, request that a company refrain from taking a specific action for a limited period of time for de-confliction purposes, the Department will not take any steps to affirmatively direct a company’s internal investigation efforts.” This is likely in response to individual defendants in at least two matters alleging that the DOJ had directed the company’s internal investigation and therefore the company’s lawyers were nothing but an arm of DOJ. Such allegations, if true, would create discovery issues and potential Fifth Amendment issues for the government.

The tweaked Policy also includes a change announced earlier that makes it clear that the Policy applies to companies that acquire other companies and voluntary disclose misconduct in the acquired company. Under such circumstances, the reporting company will also get the presumption of a declination, if the other requirements of the Policy are met.

In addition, the revised Policy incorporates a change announced in November 2018 that lessened the requirement of providing information regarding all individuals involved in the wrongdoing. The new standard is for the company to disclose “all relevant facts about all individuals substantially involved in or responsible for the violation of law.”

Finally, the Policy clarifies that companies need not waive the attorney-client privilege or work product protections to achieve maximum credit. Although there was some existing language to that effect in the existing Policy, the new language makes it absolutely clear.

These changes are good changes to the Policy, and they were needed. Nonetheless, as we wrote before, Companies still should weigh the risks and benefits of just fixing the problem, remediating as much as reasonably possible, strengthening their compliance programs, and moving forward versus the certain costs of reporting the issue to DOJ. https://www.bclplaw.com/en-US/thought-leadership/the-new-doj-fcpa-corporate-enforcement-policy-does-it-move-the.html